An uneducated guess would be to add an extension with just the dot (.) and
no letters after it.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 13, 2001 2:16 PM
To: Exchange Discussions
Subject: RE: New MS tool "URLSCAN" filters bad URL requests from your IIS (OWA ) server


A bit of warning.  I encountered a problem with URLScan. Here is a query I
posted to an IIS list that explains it.
-----
Anyone used the URLScan tool yet?
(http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/URLScan.asp)

I want to set "UseAllowExtensions=1" which allows only the specified
extensions, however when I do this, it denies my home page
(http://www.mysite.com/) with this message:  
Client at 127.0.0.1: URL contains extension '(null)', which is not
specifically allowed. Request will be rejected.  Raw URL='/'

I tried putting "(null)" in the allowed extension list but I got this error:
'(null)' *** Warning *** Invalid extension.  Must start with '.'.

Anyone know how to allow the default page?

___________  

Mitch Claborn - Ignite Sales
(972) 458-5519
[EMAIL PROTECTED]
 



-----Original Message-----
From: Alverson, Thomas M. [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 13, 2001 12:42 PM
To: Exchange Discussions
Subject: New MS tool "URLSCAN" filters bad URL requests from your IIS (OWA ) server
Importance: High


Microsoft just released a new IIS utility called URLSCAN which can block
suspicious URLs from your IIS server.  You can get it from:

 http://www.microsoft.com/downloads/release.asp?ReleaseID=32571

I just installed it on my OWA server (NT4 sp6a, EX5.5 sp4) and it seems to
work fine.  It is configured by an INI file which tells it what types of URL
requests to block.  Here is the log of it starting up and blocking one
request:


[Thu, Sep 13 2001 - 13:15:10] ---------- UrlScan.dll Initializing ----------
[Thu, Sep 13 2001 - 13:15:10] URLs will be normalized before analysis.
[Thu, Sep 13 2001 - 13:15:10] URL normalization will be verified.
[Thu, Sep 13 2001 - 13:15:10] URLs may contain OEM, international and UTF-8
characters.
[Thu, Sep 13 2001 - 13:15:10] URLs must not contain any dot except for the
file extension.
[Thu, Sep 13 2001 - 13:15:10] Only the following verbs will be allowed (case
sensitive):
[Thu, Sep 13 2001 - 13:15:10]   'GET'
[Thu, Sep 13 2001 - 13:15:10]   'HEAD'
[Thu, Sep 13 2001 - 13:15:10]   'POST'
[Thu, Sep 13 2001 - 13:15:10] Requests for following extensions will be
rejected:
[Thu, Sep 13 2001 - 13:15:10]   '.exe'
[Thu, Sep 13 2001 - 13:15:10]   '.bat'
[Thu, Sep 13 2001 - 13:15:10]   '.cmd'
[Thu, Sep 13 2001 - 13:15:10]   '.com'
[Thu, Sep 13 2001 - 13:15:10]   '.htw'
[Thu, Sep 13 2001 - 13:15:10]   '.ida'
[Thu, Sep 13 2001 - 13:15:10]   '.idq'
[Thu, Sep 13 2001 - 13:15:10]   '.htr'
[Thu, Sep 13 2001 - 13:15:10]   '.idc'
[Thu, Sep 13 2001 - 13:15:10]   '.shtm'
[Thu, Sep 13 2001 - 13:15:10]   '.shtml'
[Thu, Sep 13 2001 - 13:15:10]   '.stm'
[Thu, Sep 13 2001 - 13:15:10]   '.printer'
[Thu, Sep 13 2001 - 13:15:10]   '.ini'
[Thu, Sep 13 2001 - 13:15:10]   '.log'
[Thu, Sep 13 2001 - 13:15:10]   '.pol'
[Thu, Sep 13 2001 - 13:15:10]   '.dat'
[Thu, Sep 13 2001 - 13:15:10] Requests containing the following headers will
be rejected:
[Thu, Sep 13 2001 - 13:15:10]   'translate:'
[Thu, Sep 13 2001 - 13:15:10]   'if:'
[Thu, Sep 13 2001 - 13:15:10]   'lock-token:'
[Thu, Sep 13 2001 - 13:15:10] Requests containing the following character
sequences will be rejected:
[Thu, Sep 13 2001 - 13:15:10]   '..'
[Thu, Sep 13 2001 - 13:15:10]   './'
[Thu, Sep 13 2001 - 13:15:10]   '\'
[Thu, Sep 13 2001 - 13:15:10]   ':'
[Thu, Sep 13 2001 - 13:15:10]   '%'
[Thu, Sep 13 2001 - 13:15:10]   '&'
[Thu, Sep 13 2001 - 13:37:00] Client at 192.168.1.1: Sent verb 'OPTIONS',
which is not specifically allowed. Request will be rejected.

_________________________________________________________________
List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
Archives:               http://www.swynk.com/sitesearch/search.asp
To unsubscribe:         mailto:[EMAIL PROTECTED]
Exchange List admin:    [EMAIL PROTECTED]


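Added example, not code from the list posts or from Microsoft's URLScan: a small Python model of the UrlScan.ini checks that appear in the thread (the allowed verbs, the UseAllowExtensions=1 allow list and the denied URL sequences), reporting decisions in the wording of the quoted log lines. The INI fragment is constructed, and treating a bare "." entry in [AllowExtensions] as "no extension" is an assumption taken from the reply's guess, so that the default page "/" (logged as extension '(null)') can be compared under both configurations.

```python
from urllib.parse import urlsplit

# Constructed UrlScan.ini fragment with the settings seen in the thread (not a file from
# the posts); {noext} becomes "." to model the reply's guess for extensionless URLs.
INI_TEMPLATE = """
[Options]
UseAllowExtensions=1
[AllowVerbs]
GET
HEAD
POST
[AllowExtensions]
{noext}
.htm
[DenyUrlSequences]
..
./
"""

def parse_urlscan_ini(text):
    """Parse UrlScan.ini's value-less list sections into {section: [lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(';', 1)[0].strip()          # ';' starts an INI comment
        if line.startswith('[') and line.endswith(']'):
            current = line[1:-1]
            sections[current] = []
        elif line and current is not None:
            sections[current].append(line)
    return sections

def evaluate(cfg, verb, raw_url):
    """Return (allowed, reason) worded like the UrlScan log lines quoted above."""
    if verb not in cfg.get('AllowVerbs', []):       # verbs are compared case-sensitively
        return False, f"Sent verb '{verb}', which is not specifically allowed"
    for seq in cfg.get('DenyUrlSequences', []):
        if seq in raw_url:
            return False, f"URL contains sequence '{seq}', which is disallowed"
    segment = urlsplit(raw_url).path.rsplit('/', 1)[-1]       # last path segment
    ext = segment[segment.rfind('.'):].lower() if '.' in segment else '(null)'
    if 'UseAllowExtensions=1' in cfg.get('Options', []):
        allowed = [e.lower() for e in cfg.get('AllowExtensions', [])]
        # Assumption (from the reply): a bare '.' entry stands for "no extension".
        if ext not in allowed and not (ext == '(null)' and '.' in allowed):
            return False, f"URL contains extension '{ext}', which is not specifically allowed"
    return True, 'ok'

STRICT = parse_urlscan_ini(INI_TEMPLATE.format(noext=''))     # the poster's configuration
WITH_DOT = parse_urlscan_ini(INI_TEMPLATE.format(noext='.'))  # plus the guessed '.' entry
```

Under STRICT a request for "/" is refused with the same '(null)' message the poster saw; under WITH_DOT it passes while '.ida', 'OPTIONS' and '..' requests are still rejected.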
